<?php	session_start();
if(isset($_POST["usr"]) && isset($_POST["pwd"]))
{

	include_once("../../DataProvider.php");
	$usr = $_POST["usr"];
	$_SESSION["user"] = $usr;
	$pwd = $_POST["pwd"];
	$sql = "select * from tbl_user where username = '$usr'";
	$result = DataProvider::ExecuteQuery($sql);
	if($row = mysql_fetch_array($result))
	{
		if($row["Password"] == $pwd)
		{
			$_SESSION["login"] = 1;
			if(isset($_SESSION["hisURL"]))
			{
				header("Location: ".$_SESSION["hisURL"]);
			}
			else
			header("Location: ../home.php");
		}
		else
		{
			$_SESSION["login"] = 0;
			header("Location: ../login.php");
		}
	}
	else
	{
			$_SESSION["login"] = 0;
			header("Location: ../login.php");
	}
	
}
else
{
	$_SESSION["user"] = '';
	$_SESSION["login"] = 0;
	unset($_SESSION["login"]);
	header("Location: ../login.php");
}
?>